Oblivious transfer and Garbled circuits
Oblivious transfer
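In OT, the sender transmits n pieces of data to the receiver without learning which of the n the receiver obtained, and the receiver can decode only one of them. If k pieces of data are needed, at least k interactions are required.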
In cryptography, an oblivious transfer protocol (often abbreviated OT) is a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred.
1-2 oblivious transfer
In a 1-2 oblivious transfer protocol, the sender has two messages $m_0$ and $m_1$, and the receiver has a bit $b$. The receiver wishes to receive $m_b$ without the sender learning $b$, while the sender wants to ensure that the receiver receives only one of the two messages. The protocol of Even, Goldreich, and Lempel (which the authors attribute partially to Silvio Micali) is general, but can be instantiated using RSA encryption as follows.
Protocol of Even, Goldreich, and Lempel
- Alice has two messages, $m_0, m_1$, and wants to send exactly one of them to Bob, but does not want to know which one Bob receives.
- Alice generates an RSA key pair, comprising the modulus $N$, the public exponent $e$ and the private exponent $d$. She also generates two random values, $x_0, x_1$, and sends them to Bob along with her public modulus and exponent.
- Bob picks $b$ to be either 0 or 1 (depending on whether he wants $m_0$ or $m_1$). He generates a random value $k$ and blinds $x_b$ by computing $v = (x_b + k^e) \bmod N$, which he sends to Alice.
- Alice doesn’t know (and hopefully cannot determine) which of $x_0$ and $x_1$ Bob chose. She applies both of her random values and comes up with two possible values for $k$: $k_0 = (v - x_0)^d \bmod N$ and $k_1 = (v - x_1)^d \bmod N$. One of these will be equal to $k$ and can be correctly decrypted by Bob (but not Alice), while the other will produce a meaningless random value that does not reveal any information about $k$. She combines the two secret messages with each of the possible keys, $m'_0 = m_0 + k_0$ and $m'_1 = m_1 + k_1$, and sends them both to Bob.
- Bob knows which of the two messages can be unblinded with $k$, so he is able to compute exactly one of the messages, $m_b = m'_b - k$. He learns nothing about the other message, so each run of the protocol yields only one message.
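The five steps above, run end to end with both parties in one process. This is an added example, not code from the original post; the RSA parameters are toy values constructed for the demo, and the function names are illustrative.

```python
import secrets

# Toy RSA key (constructed for the demo: two Mersenne primes, far too
# small and too structured for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent d

def alice_offer():
    """Alice picks random x0, x1 and sends them with (N, E)."""
    return secrets.randbelow(N), secrets.randbelow(N)

def bob_choose(b, xs):
    """Bob blinds x_b with a fresh k: v = (x_b + k^e) mod N."""
    k = secrets.randbelow(N)
    v = (xs[b] + pow(k, E, N)) % N
    return k, v

def alice_respond(v, xs, m0, m1):
    """Alice derives k0, k1 from v and masks each message with one of them."""
    k0 = pow((v - xs[0]) % N, D, N)
    k1 = pow((v - xs[1]) % N, D, N)
    return (m0 + k0) % N, (m1 + k1) % N

def bob_recover(b, k, masked):
    """Bob unblinds the message matching his choice: m_b = m'_b - k."""
    return (masked[b] - k) % N

def run_ot(m0, m1, b):
    """Return (what Bob recovers, what he gets if he tries the other slot)."""
    xs = alice_offer()
    k, v = bob_choose(b, xs)
    masked = alice_respond(v, xs, m0, m1)
    return bob_recover(b, k, masked), (masked[1 - b] - k) % N

if __name__ == "__main__":
    m0 = int.from_bytes(b"left key", "big")    # constructed sample messages
    m1 = int.from_bytes(b"right key", "big")
    got, other = run_ot(m0, m1, b=1)
    print(got.to_bytes(9, "big"), "other slot readable:", other == m0)
```

Alice sees only v, which is equally consistent with b = 0 and b = 1 because k is uniformly random; Bob's attempt on the other slot yields a value masked by a key he cannot compute without d.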
Garbled circuits
Yao’s garbled circuit is a method proposed by Andy Yao in 1986 for secure multiparty computation.
AND gate
Now we describe a protocol for securely computing f(a; b). Because f is poly-time computable, we can write a circuit that computes f. For every wire, w, in the circuit, attach two keys,
For example, say we had an AND gate with input wires x and y, and output wire z. Then the gate would store the following 4 elements in its table:
-
-
-
-
Three problems to be solved:
- This table must be permuted.
- How does Bob know whether he successfully decrypted an entry? To solve this problem, we can add an extra column to the table which contains a MAC of the proper key-pair.
- Bob needs to know the key values for all of his input wires, but Alice cannot know which key values Bob is asking for. Similarly, Alice cannot send all the key values to Bob, or else (because he is curious) he will evaluate the circuit on more values than intended, and learn something about Alice’s input. To solve this problem, we just need to use 1/2 Oblivious Transfer.
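A garbled AND gate that handles the first two problems, with a permuted table and a tag column that tells Bob which row he decrypted correctly. This is an added example, not code from the original post or the cited lecture; the XOR-with-SHA-256 cipher and the HMAC keyed by the two input keys are stand-in constructions chosen for illustration, and delivering Bob's input keys by oblivious transfer is left out.

```python
import hashlib, hmac, secrets

def pad(key, label):
    # Stand-in cipher (assumption): XOR with a 16-byte SHA-256 derived pad.
    return hashlib.sha256(key + label).digest()[:16]

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def new_wire():
    """Two random 16-byte keys: index 0 encodes bit 0, index 1 encodes bit 1."""
    return secrets.token_bytes(16), secrets.token_bytes(16)

def garble_and(kx, ky, kz):
    """Alice: build the four-row table for z = x AND y, then permute it."""
    rows = []
    for a in (0, 1):
        for b in (0, 1):
            inner = xor(kz[a & b], pad(ky[b], b"y"))  # encrypt under the y key
            ct = xor(inner, pad(kx[a], b"x"))         # then under the x key
            # Extra column: tag computable only with the proper key pair.
            tag = hmac.new(kx[a] + ky[b], ct, hashlib.sha256).digest()
            rows.append((ct, tag))
    secrets.SystemRandom().shuffle(rows)  # row position must not leak (a, b)
    return rows

def evaluate(table, key_x, key_y):
    """Bob: holds one key per input wire and learns one output key."""
    for ct, tag in table:
        want = hmac.new(key_x + key_y, ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, want):  # this row was meant for his keys
            return xor(xor(ct, pad(key_x, b"x")), pad(key_y, b"y"))
    raise ValueError("no row authenticated with these keys")

if __name__ == "__main__":
    kx, ky, kz = new_wire(), new_wire(), new_wire()
    table = garble_and(kx, ky, kz)
    for a in (0, 1):
        for b in (0, 1):
            out = evaluate(table, kx[a], ky[b])
            print(a, b, "->", kz.index(out))
```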
The entire protocol:
- Alice writes a garbled circuit to compute f, and hardcodes her input (resulting in a new garbled circuit that depends only on input from Bob). Then, for each remaining wire, Alice assigns a key pair $k_w^0$ and $k_w^1$. To each logic gate, she assigns a table denoted as above. Each table entry consists of the correct key encrypted sequentially, followed by a MAC to authenticate that the two correct keys were used to decrypt. Each MAC uses the same key. Alice sends over the entire garbled circuit to Bob.
- Bob requests the correct keys for his input using 1/2-Oblivious Transfer.
- Alice sends the correct keys for Bob’s input using 1/2-Oblivious Transfer.
- Bob evaluates the garbled circuit using the keys he received from Alice and shares the value with Alice.
Applications
Arx: A strongly Encrypted Database System
Ref
http://www.cs.cornell.edu/courses/cs6830/2009fa/scribes/lecture24.pdf
https://en.wikipedia.org/wiki/Oblivious_transfer